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DETAILED ACTION 

1. This office action is in reply to an amendment filed on December 06, 2004. Claims 1-5, 
7-22 and 24-27 have been amended and new claims 28-29 have been added. Claims 1-29 are 
pending. 

Response to Arguments 

2. Applicant's arguments filed December 06,2004 have been fully considered but they are 
not persuasive. Applicant added new limitations to the original claims and further argues that the 
cited prior art Fetkovich et al. (US Patent 6,681 ,329 B1 ) is centered on the use of a digital 
signature, which once computed, is independent of the memory location of the relocatable 
module. The method of Fetkovich does not require the addresses of the relocatable code once 
the digital signature has been determined, and for that reason Fetkovich does not disclose the 
use of tables. Applicant further argues that Fetkovich does not explicitly disclose or suggest 
"providing a linker... operable to output relocation data stored in.... relocatable modules", 
"selecting addresses.... by examining during said linking step the relocation data output by said 
linker" and "storing said selected addresses in said tables". Examiner respectfully disagrees. 

It is true that Fetkovich uses digital signature to verify integrity of checking relocatable 
module, however examiner disagrees on the suggestion that the digital signature is independent 
of the memory location of the relocatable module. Examiner would point out that if an 
executable module relocates to a different base address, performing check sum (i.e., digital 
signature or hash MD5) of the module would not yield the same result compared with the 
original application module loaded to a default address since the check sum or digital signature 
has to be calculated using same way using and the same data [see for example column 1 , lines 
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57-67], for this reason Fetkovich uses address of relocatable modules from auxiliary section 
(.reloc) [see for example column 6, lines 14-18] and performs a normalization process on 
relocatable modules before performing the digital signature checking [see column 6, lines 44- 
65]. The auxiliary section (.reloc) is a data portion in the memory that is allocated along with the 
code segment and the data segment [see for example column 6, lines 14-18], wherein 
normalization comprises getting address information from the auxiliary section (.reloc) [column 
9, lines 5-15] which meets the recitation in the claims of determining default addresses and 
selected addresses from the tables. The examiner has used a second reference (Baentsch US 
Patent 6,496,910) to support his assertion that table insertion in memory is widely used in the 
art. However Fetkovich's teaching of auxiliary section (.reloc) in memory segment for storing 
addresses of relocatable modules is equivalent to storing selected addresses and reference 
addresses in the table as recited in the claims. 

3. With respect to applicant's argument that Fetkovich does not explicitly disclose or 
suggest "providing a linker... operable to output relocation data stored in... relocatable modules", 
"selecting addresses... by examining during said linking step the relocation data output by said 
linker" and "storing said selected addresses in said tables", the examiner would point out that 
Fetkovich teaches a dynamic link library including storing relocation information in the dynamic 
link library (auxiliary information section (.reloc)) and using address information from the 
auxiliary section to perform integrity checking [column 6, lines 7-22, column 9, lines 5-15 and 
columnIO, lines 17-27], which meets the claimed recitation. The examiner asserts that the 
combination of Fetkovich and Baentsch teach the claimed limitations, accordingly the rejection 
is respectfully maintained. 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-29 are rejected under 35 U.S.C. 103(a) as being unpatentable over Fetkovich 
et al. (hereinafter Fetkovich) (US Patent No. 6,681,329 B1) in view of Baentsch et al. 
(hereinafter Baentsch) (US Patent No. 6,496,910). 

6. As per claims 1, 1 1, 17, 20, and 25, Fetkovich teaches a method / computer readable 
medium for determining the integrity of an application program running under an operating 
system on a computer system having a memory, the method comprising: 

pre-allocating one or more segments in the memory for at least a data portion of the 
application program [column 4, lines 31-35 and column 6, lines 14-17]; 

building the application program on said computer system using an operating system 
[column 4, lines 21-30, figure 1, units 102 and 108], by the steps of: 

providing a linker operable to associate addresses across relocatable modules and 
further operable to output relocation data stored in said relocatable modules [column 6, lines 7- 
22, column 9, lines 5-15 and columnIO, lines 17-27]; 

linking via sail linker one or more re-locatable object modules with one or more libraries 
and other object modules to form an intermediate executable module, said re-locatable object 
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modules being pre-compiled, and said libraries and said other object modules comprising 
relocation data [column 4, lines 21-30, 55-65 and column 5, lines 11-29], 

selecting addresses of portions of said libraries and said other object modules linked ot 
said intermediate executable module by examining during said linking step said relocation data 
output by said linker to [column 5 lines 37-51 column 6, lines 7-22, column 9, lines 5-15 and 
columnIO, lines 17-27]; 

loading said libraries and said other object modules in said memory to transform said 
intermediate executable module into said application program executable by said computer 
system [column 5, lines 10-27]; 

storing a default address of a selected subprogram of intermediate executable module in 
said data portion [column 4, lines 30-35 and column 5 f lines 15-25 and figure 3A units a-m], and 

determining a reference address (i.e., load address) associated with said selected 
subprogram at run-time for said application program [column 5, lines 37-50]; 

comparing said reference address (i.e., load address) with said default address [column 
5, lines 40-49]; and 

executing a security application or module to determine said integrity of said application 
program based on said reference address and said selected addresses (i.e., integrity checking 
using digital signature or checksum) [column 5, lines 51-67 and column 6, lines 1-7]. 

Furthermore, Fetkovich teaches an auxiliary section (.reloc) that contains a list of all the 
addresses in the program which must be fixed up by the loader as it relocates new addresses 
[column 6, lines 15-24], and as fro executing the application program under the operating 
system of the computer system, and retaining stored information in the data portion during 
application program execution, Fetkovich teaches a dynamic link library including storing 
relocation information in the dynamic link library (auxiliary information section (.reloc)) and using 
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address information from the auxiliary section to perform integrity checking [column 6, lines 7- 
22, column 9, lines 5-15 and columnIO, lines 17-27], further including examination DLLs at run 
time ][see for example column 5, lines 2-10]. Fetkovich does not explicitly teach inserting table 
in memory and storing selected addresses in said table. However inserting tables in memory 
and storing addresses in said tables is well known in the art. For example, Baentsch teaches a 
method for loading instruction codes to memory and linking instruction codes, including inserting 
table (i.e., relocation table) in segments and storing selected addresses in the table [column 4, 
lines 54-67], which has the advantage of providing relocation information during linking and 
uploading of modules. Therefore it would have been obvious to one having ordinary skill in the 
art at the time the invention was made to insert tables in memory and store address in the 
tables into the system of Fetkovich to determine relocation information during linking and 
uploading of modules. 

7. As per claims 2, 19 and 21 , the combination of Fetkovich and Baentsch teach the 
method as applied above. Furthermore, Fetkovich teaches the method, wherein said step of 
executing a security application uses said reference address if said reference address is equal 
to said default address [column 5, lines 49-65]. 

8. As per claims 3, 18 and 22, the combination of Fetkovich and Baentsch teach the 
method as applied above. Furthermore, Fetkovich teaches the method further comprising the 
step of computing a substitute address by offsetting memory locations of said selected 
addresses for every selected address [column 7, lines 9-31]. 
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9. As per claim 4, the combination of Fetkovich and Baentsch teach the method as applied 
above. Furthermore, Fetkovich teaches the method, wherein said step of executing a security 
application uses said substitute address if said reference address is unequal to said default 
address [column 7, lines 9-31]. 

10. As per claims 5 and 23, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Fetkovich teaches the method, wherein said selected addresses 
are offset by adding or subtracting an offset to said selected addresses [column 7, lines 35-45]. 

11. As per claim 6, the combination of Fetkovich and Baentsch teach the method as applied 
above. Furthermore, Fetkovich teaches the method, wherein said selected addresses are 
selected from a group consisting of memory references and jump target addresses [column 6, 
lines 24-36], and said subprograms are selected from a group consisting of functions, 
subroutines, procedures and libraries [column 6, lines 7-21 and column 4, lines 54-65]. 

12. As per claim 7, the combination of Fetkovich and Baentsch teach the method as applied 
above. Furthermore, Fetkovich teaches the method, wherein said security application is a 
checksum application [column 5, lines 63-65]. 

13. As per claims 8 and 29, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Fetkovich teaches the method, wherein said security application 
decrypts previously encrypted data [column 5, lines 5-10]. 
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14. As per claim 9, the combination of Fetkovich and Baentsch teach the method as applied 
above. Furthermore, Baentsch teaches the method, wherein said data is encrypted while said 
tables are being inserted [column 6, lines 50-59]. 

15. As per claims 10 and 24, the combination of Fetkovich and Baentsch teach the method 
as applied above. Furthermore, Fetkovich teaches the method, wherein said application 
program comprises encrypted data residing on a DVD disk [column 5, lines 50-59]. 

16. As per claim 12, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Fetkovich teaches the method, wherein said step of executing a 
security application uses said reference address if said reference address is equal to said 
default address [column 5, lines 49-65]. 

17. As per claim 13, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Fetkovich teaches the method further comprising the step of 
computing a substitute address by offsetting memory locations of said selected addresses 
stored for every said selected address [column 7, lines 9-31]. 

18. As per claim 14, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Baentsch teaches the method further comprising the step of 
storing said selected addresses in a compressed and encrypted format in said tables [column 6, 
lines 50-59]. 
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19. As per claim 15, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Fetkovich teaches the method, wherein said step of executing a 
security application is based on using said substitute address if said reference address is 
unequal to said default address [column 7, lines 9-31], 

20. As per claim 16, the combination of Fetkovich and Baentsch teach the method as 
applied above. Furthermore, Fetkovich teaches the method, wherein said application program 
comprises encrypted data residing on a DVD disk [column 5, lines 50-59]. 

21 . As per claim 26, the combination of Fetkovich and Baentsch teach the computer medium 
as applied above. Furthermore, Baentsch teaches the medium, wherein said method prevents 
access to encryption keys associated with said application program [column 6, lines 50-65]. 

22. As per claim 27, the combination of Fetkovich and Baentsch teach the computer medium 
as applied above. Furthermore, wherein said selected addresses are offset by adding or 
subtracting an offset to said selected addresses [column 7, lines 35-45]. 

23. As per claim 28, combination of Fetkovich and Baentsch teach the method as applied 
above. Furthermore, Fetkovich teaches the security algorithm is a check sum algorithm [column 
1, lines 61-63]. 

Conclusion 

24. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Beemnet W Dada whose telephone number is (571) 272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



April 7, 2005 



Beemnet Dada 
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